Prepare hosts

1. Packer for creating AMI for the new socat hosts

We first need to recreate our AMI with the new version of our service.

To create the AMI, replace the following Packer command-line parameters:

  • my_vault_a_deploy_echo_role_password: the password of the a-deploy-echo-role user
  • my_echo_socat_version: the version of our socat service
  • my_ami_region: the region where Packer will work
  • my_ami_regions: the regions where Packer will copy all its AMIs

Use the regions you chose on the previous page.

[bastion] (ansible_virtualenv) ~/
$ cd ~/ansible_playbooks/echo

[bastion] (ansible_virtualenv) ~/ansible_playbooks/echo
$ packer build -var "my_ami_region=eu-west-3" -var "my_ami_regions=eu-west-3,eu-west-1" \
-var 'my_vault_a_deploy_echo_role_password=CHANGE_WITH_DEPLOY_ECHO_ROLE_PASSWORD' \
-var "my_echo_socat_version=2.0.0" \
AWS_socat.packer

This could take at least 15 minutes, so coffee break!

2. Terraform

We are now going to create the hosts using the green project:

You will need to replace the following Terraform command-line parameters:

  • my_echo_socat_version: the version number of our socat service, the same one used when creating the AMI

[bastion] (ansible_virtualenv) ~/ansible_playbooks/echo
$ cd terraform/demo/echo/system_socat_green

[bastion] (ansible_virtualenv) ~/ansible_playbooks/echo/terraform/demo/echo/system_socat_green
$ terraform init
$ terraform apply -var-file '../../vars_network.tf' -var-file '../../vars_network_echo.tf' -var 'my_echo_socat_version=2.0.0'

3. Ansible

Let’s provision the hosts.

To execute Ansible, you will need to replace the following Ansible extra-vars parameters:

  • my_vault_a_create_approle_password: this is the password of the a-create-approle user
  • my_vault_a_deploy_echo_role_password: this is the password of the a-deploy-echo-role user
  • my_vault_a_deploy_echo_secret_password: this is the password of the a-deploy-echo-secret user

  1. First, the Consul part:

    [bastion] (ansible_virtualenv) ~/ansible_playbooks/echo/terraform/demo/echo/system_socat_green
    $ cd ~/ansible_playbooks/infrasecrets
    
    [bastion] (ansible_virtualenv) ~/ansible_playbooks/infrasecrets
    $ ansible-playbook TERRAFORM_consul_approles_creation.yml \
    -i inventories/demo/hosts_echo_socat_green.lst \
    -D --force-handlers \
    -e @inventories/demo/extra_vars_terraform.yml \
    -e @inventories/demo/extra_vars_terraform_echo_socat_green_one.yml \
    -e "my_vault_a_create_approle_password=CHANGE_WITH_CREATE_APPROLE_PASSWORD"
    
    [bastion] (ansible_virtualenv) ~/ansible_playbooks/infrasecrets
    $ ansible-playbook TERRAFORM_consul_approles_roleid.yml \
    -i inventories/demo/hosts_echo_socat_green.lst \
    -D --force-handlers \
    -e @inventories/demo/extra_vars_terraform.yml \
    -e @inventories/demo/extra_vars_terraform_echo_socat_green_one.yml \
    -e "my_vault_a_deploy_role_username=a-deploy-echo-role" \
    -e "my_vault_a_deploy_role_password=CHANGE_WITH_DEPLOY_ECHO_ROLE_PASSWORD"
    
    [bastion] (ansible_virtualenv) ~/ansible_playbooks/infrasecrets
    $ ansible-playbook TERRAFORM_consul_agent.yml \
    -i inventories/demo/hosts_echo_socat_green.lst \
    -D --force-handlers \
    -e @inventories/demo/extra_vars_terraform.yml \
    -e @inventories/demo/extra_vars_terraform_echo_socat_green_one.yml \
    -e "my_vault_a_deploy_secret_username=a-deploy-echo-secret" \
    -e "my_vault_a_deploy_secret_password=CHANGE_WITH_DEPLOY_ECHO_SECRET_PASSWORD"

  2. Then, the echo part:

    [bastion] (ansible_virtualenv) ~/ansible_playbooks/infrasecrets
    $ cd ../echo
    
    [bastion] (ansible_virtualenv) ~/ansible_playbooks/echo
    $ ansible-playbook TERRAFORM_socat.yml \
    -i inventories/demo/hosts_echo_socat_green.lst \
    -D --force-handlers \
    -e @inventories/demo/extra_vars_terraform_echo_socat_green.yml \
    -e "my_vault_a_deploy_echo_secret_password=CHANGE_WITH_DEPLOY_ECHO_SECRET_PASSWORD"
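
The Ansible commands above pass Vault passwords as -e "name=value", which leaves them in the shell history and in the process arguments visible to other users of the bastion. The helper below is an added example, not part of the tutorial's playbooks: it reads the secret without echo, writes it to a private temporary file, and hands it to the command with the -e @file form this page already uses. The function names make_secret_vars_file and run_with_secret_var are hypothetical.

```shell
# Added example: hypothetical helpers, not part of the tutorial's playbooks.

# Write "name: 'value'" to a new private temp file and print the file's path.
make_secret_vars_file() {
    local name="$1" value="$2" file escaped
    # mktemp creates the file with mode 0600; umask 077 is a second safeguard.
    file=$(umask 077; mktemp "${TMPDIR:-/tmp}/extra_vars.XXXXXX") || return 1
    # Inside a YAML single-quoted scalar only ' needs escaping (doubled).
    escaped=$(printf '%s' "$value" | sed "s/'/''/g")
    printf "%s: '%s'\n" "$name" "$escaped" > "$file"
    printf '%s\n' "$file"
}

# Read a secret without echoing it, run the given command with
# "-e @<file>" appended, and delete the file whatever the exit status.
run_with_secret_var() {
    local name="$1" value file rc=0
    shift
    if [ -t 0 ]; then
        printf 'Value for %s: ' "$name" >&2
        stty -echo; IFS= read -r value; stty echo
        printf '\n' >&2
    else
        IFS= read -r value    # non-interactive input, e.g. piped from a secret store
    fi
    file=$(make_secret_vars_file "$name" "$value") || return 1
    "$@" -e "@${file}" || rc=$?
    rm -f -- "$file"
    return "$rc"
}

# Usage on the bastion (playbook and inventory names are the ones on this page):
# run_with_secret_var my_vault_a_create_approle_password \
#     ansible-playbook TERRAFORM_consul_approles_creation.yml \
#     -i inventories/demo/hosts_echo_socat_green.lst -D --force-handlers \
#     -e @inventories/demo/extra_vars_terraform.yml \
#     -e @inventories/demo/extra_vars_terraform_echo_socat_green_one.yml
```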

We can see the hosts in the AWS Console:

[Image: AWS Echo2 instances in Region1]

[Image: AWS Echo2 instances in Region2]

And this in the Consul UI (note the new tag):

[Image: Consul Echo2 Services]

4. Next page!

We can now run both versions.